P
US8522040B2ActiveUtilityPatentIndex 83

Oblivious transfer with access control

Assignee: CAMENISCH JAN LEONHARDPriority: Oct 21, 2009Filed: Oct 21, 2010Granted: Aug 27, 2013
Est. expiryOct 21, 2029(~3.3 yrs left)· nominal 20-yr term from priority
Inventors:CAMENISCH JAN LEONHARDDUBOVITSKAYA MARIANEVEN GREGORY
H04L 2209/50G06F 21/6227G06F 21/6263G06F 21/6254G06F 2221/2107H04L 2209/42H04L 9/3221
83
PatentIndex Score
12
Cited by
30
References
18
Claims

Abstract

A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A computer system comprising:
 a memory comprising computer readable code and a database. the database comprising a plurality of records each with an associated index and a list of one or more categories; 
 at least one processor; 
 wherein the at least one processor, in response to execution of the computer readable code, causes the computer system to perform the following: 
 generating an encryption key for each of the plurality of records such that the encryption key is derived from at least the index of the record, the list of the one or more categories for the record, and a secret key of a database server; and 
 encrypting each of the plurality of records with a corresponding encryption key. 
 
     
     
       2. The computer system of  claim 1 , wherein the at least one processor, in response to execution of the computer readable code, further causes the computer system to perform the following:
 providing an encryption key for a particular record to a user, in response to successful performance of a proof with the user at least regarding possession by the user of one or more credentials for all the one or more categories in the list corresponding to the particular record. 
 
     
     
       3. A method comprising:
 for each or a plurality of records in a database on a database server, the database comprising the plurality of records each with an associated index and a list of one or more categories, performing: 
 generating an encryption key that is derived from at least an index of the record and the list of one or more categories for the record, and a secret key of the database server; and 
 encrypting the record with the key. 
 
     
     
       4. The method of  claim 3 , further comprising:
 providing an encryption key for a particular record to a user 
 in response to successful performance of a proof with the one user regarding at least possession of one or more credentials for all the one or more categories in the list corresponding to the particular record. 
 
     
     
       5. The method of  claim 3 , wherein at least one category is a data category that the user is allowed to access. 
     
     
       6. The method of  claim 3 , wherein at least one category is an attribute that the user needs to have in order to access the particular record. 
     
     
       7. The method of  claim 4 , wherein there are a plurality of categories and wherein providing an encryption key comprises providing a providing the encryption key for the particular record to the user, at least in response to successful performance of the proof with the user regarding possession by the user of a plurality of credentials for all the plurality of categories in the list corresponding to the particular record. 
     
     
       8. The method of  claim 4 , where the proof is a zero knowledge proof. 
     
     
       9. The method of  claim 7 , further comprising receiving at the database server from the user a blinded version of an encrypted version of the particular record and a blinded version of the index corresponding to the particular record, and wherein successful performance of the proof with the user regarding possession by the user of one or more credentials for all the one or more categories in the list corresponding to the particular record also comprises successful performance of the proof with the user regarding possession by the user of the encrypted version of the particular record and the corresponding index of the particular record. 
     
     
       10. A computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable/executable by a computer system to perform the method of  claim 3 . 
     
     
       11. A method, comprising:
 performing, on a user computer system, a proof with a database server regarding at least possession by a user corresponding to the user computer system of one or more credentials for all of one or more categories in a list corresponding to a particular record in a database of a plurality of encrypted records on the database server, wherein each of the plurality of encrypted records is encrypted using an encryption key that is derived from at least an index of the record, the list of one or more categories for the record, and a secret key of the database server; and 
 receiving, at the user computer system and from the database server, an encryption key for a particular record in response to successful performance of the proof. 
 
     
     
       12. The method of  claim 11 , wherein at least one category is a data category that the user is allowed to access. 
     
     
       13. The method of  claim 11 , wherein at least one category is an attribute that the user needs to have in order to access the particular record. 
     
     
       14. The method of  claim 11 , wherein there are a plurality of categories and wherein performing the proof further comprises performing the proof with the database server regarding possession by the user of a plurality of credentials for all the plurality of categories in the list corresponding to the particular record. 
     
     
       15. The method of  claim 11 , where the proof is a zero knowledge proof. 
     
     
       16. The method of  claim 14 , further comprising sending from the user computer system to the database server a blinded version of an encrypted version of the particular record and a blinded version of the index corresponding to the particular record, and wherein performing the proof also comprises performing the proof with the database server regarding possession by the user of the encrypted version of the particular record and the corresponding index of the particular record. 
     
     
       17. The method of  claim 14 , further comprising, prior to the performing the proof, performing an issuing protocol with an issuer computer system in order to receive the plurality of credentials for all the plurality of categories in the list corresponding to the particular record and receiving, responsive to performing the issuing protocol, the plurality of credentials for all the plurality of categories in the list corresponding to the particular record. 
     
     
       18. A computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable/executable by a computer system to perform the method of  claim 11 .

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.